Motives Other Than Profit May Be Behind Recent Data Breaches

Those conducting two recent cyberattacks against healthcare provider organizations didn’t appear to have a profit motive for gaining access to documents or systems.

Rather, the attempts seem to take advantage of resulting news stories to draw attention to other issues, or to just prove that access could be achieved, not necessarily to access and use the stolen data, says Linn Freedman, a partner and chair of the data privacy and security team at the law firm of Robinson+Cole.

Central Ohio Urology Group with 29 physicians and physician assistants had more than 101,000 Word and PDF documents stolen in a recent incursion, and the Ukrainian hacker displayed some of the patient data on a web site.

The hacker also created a Twitter feed and used it to document alleged poisoning of Ukrainians in the city of Odessa via viruses “from secret laboratories” that received help from the U.S. Pentagon. The hacker warned labs not to participate in such research, according to Databreaches.net, which received messages from the hacker.

The web site of Central Ohio Urology Group doesn’t mention the breach. Patients calling the practice receive a recording informing them that the practice is “currently investigating possible criminal activity” with law enforcement, and if the incident is determined to be a breach of actual data, affected patients will be contacted and given more information.

At 16-physician Jefferson Medical Associates in Laurel, Miss., a server holding “limited” prescription information was accessed by an unauthorized individual about June 1.

“At this time, investigators do not believe the individual who accessed the database has used the information acquired,” according to a statement from the practice. “Instead, it is believed that the individual accessed the database only to demonstrate his ability to do so. Through JMA’s investigation, it also has learned that other remote connections were made to this database from unknown sources at various times between March 25, 2014, and June 1, 2016. JMA has not been able to determine whether any of these other connections actually resulted in any acquisition, access, use or disclosure of patient information, but it is possible.”

Consequently, Jefferson Medical Associates is offering one year of credit/identity protection services from AllClear ID to patients requesting the service. Notices of the breach have gone out to about 10,400 individuals, a spokesperson said.

These new attacks are reminiscent of the July 2015 cyberattack on Ashley Madison, a web site for facilitating extramarital affairs and prostitution, Freedman says.

In that incident, attackers threatened to release client names if the site was not shut down. But just because an attacker contends that a hack was done for a specific reason doesn’t mean the claim is believable, she adds. Consequently, healthcare will continue to be a primary target of hackers because many provider organizations do not have the resources of those in other industries to sufficiently harden their information systems.